Описание
Security update for xen
This update for xen fixes the following issues:
- CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator which could have led to Denial of Service (bsc#1149813).
- CVE-2019-12068: Fixed an issue in lsi which could lead to an infinite loop and denial of service (bsc#1146874).
- CVE-2019-14378: Fixed a heap buffer overflow in SLiRp networking implementation of QEMU emulator which could have led to execution of arbitrary code with privileges of the QEMU process (bsc#1143797).
- CVE-2019-12067: Fixed a null pointer dereference which could have led to denial of service (bsc#1145652).
- CVE-2019-12155: Fixed a null pointer dereference in QXL VGA card emulator of QEMU which could have led to denial of service (bsc#1135905).
Список пакетов
SUSE Linux Enterprise Server 11 SP4-LTSS
Ссылки
- Link for SUSE-SU-2019:14199-1
- E-Mail link for SUSE-SU-2019:14199-1
- SUSE Security Ratings
- SUSE Bug 1126140
- SUSE Bug 1126141
- SUSE Bug 1126192
- SUSE Bug 1126195
- SUSE Bug 1126196
- SUSE Bug 1126198
- SUSE Bug 1126201
- SUSE Bug 1127400
- SUSE Bug 1135905
- SUSE Bug 1143797
- SUSE Bug 1145652
- SUSE Bug 1146874
- SUSE Bug 1149813
- SUSE CVE CVE-2019-12067 page
- SUSE CVE CVE-2019-12068 page
- SUSE CVE CVE-2019-12155 page
- SUSE CVE CVE-2019-14378 page
Описание
The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null.
Затронутые продукты
Ссылки
- CVE-2019-12067
- SUSE Bug 1145642
- SUSE Bug 1145652
Описание
In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.
Затронутые продукты
Ссылки
- CVE-2019-12068
- SUSE Bug 1146873
- SUSE Bug 1146874
- SUSE Bug 1178658
Описание
interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference.
Затронутые продукты
Ссылки
- CVE-2019-12155
- SUSE Bug 1135902
- SUSE Bug 1135905
Описание
ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.
Затронутые продукты
Ссылки
- CVE-2019-14378
- SUSE Bug 1143794
- SUSE Bug 1143797
- SUSE Bug 1178658
Описание
libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.
Затронутые продукты
Ссылки
- CVE-2019-15890
- SUSE Bug 1149811
- SUSE Bug 1149813
- SUSE Bug 1178658
Описание
An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled.
Затронутые продукты
Ссылки
- CVE-2019-17340
- SUSE Bug 1126140
- SUSE Bug 1178658
Описание
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a page-writability race condition during addition of a passed-through PCI device.
Затронутые продукты
Ссылки
- CVE-2019-17341
- SUSE Bug 1126141
- SUSE Bug 1178658
Описание
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a race condition that arose when XENMEM_exchange was introduced.
Затронутые продукты
Ссылки
- CVE-2019-17342
- SUSE Bug 1126192
- SUSE Bug 1178658
Описание
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains.
Затронутые продукты
Ссылки
- CVE-2019-17343
- SUSE Bug 1126195
- SUSE Bug 1178658
Описание
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates.
Затронутые продукты
Ссылки
- CVE-2019-17344
- SUSE Bug 1126196
- SUSE Bug 1178658
Описание
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID) and TLB flushes.
Затронутые продукты
Ссылки
- CVE-2019-17346
- SUSE Bug 1126198
Описание
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is incompatible with Linux (and possibly other guest kernels).
Затронутые продукты
Ссылки
- CVE-2019-17347
- SUSE Bug 1126201
Описание
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service because of an incompatibility between Process Context Identifiers (PCID) and shadow-pagetable switching.
Затронутые продукты
Ссылки
- CVE-2019-17348
- SUSE Bug 1127400